All posts by Vladimir Katalov

Five Hundred Posts

October 30th, 2020 by Vladimir Katalov

Believe me or not, but this is exactly the 500th post in our blog! The first one was posted in March 2009 and was about Distributed Password Recovery and GPU acceleration. At that time, we even did not do mobile or cloud forensics. Today it’s not about our achievements. I want to thank you for being with us, and share a few bits and pieces about our blog that you may find handy or at least amusing.

Apple iMessage is an important communication channel and an essential part of forensic acquisition efforts. iMessage chats are reasonably secure. Your ability to extract iMessages as well as the available sources of extraction will depend on several factors. Let’s discuss the factors that may affect your ability to extract, and what you can do to overcome them.

Remember the good old times when there was a lot of applications with “snake oil” encryption? You know, the kind of “peace of mind” protection that allowed recovering or removing the original plaintext password instantly? It is still the case for a few “we-don’t-care” apps such as QuickBooks 2021, but all of the better tools can no longer be cracked that easily. Let’s review some password recovery strategies used in our software today.

If the iPhone is locked with a passcode, it is considered reasonably secure. The exception are some older devices, which are relatively vulnerable. But what if the passcode is known or is not set? Will it be easy to gain access to all of the data stored in the device? And why do we have the countless forensic tools –is analysis and reporting the sole reason for their existence? Not really. If you’ve been wondering what this acquisition thing is all about, this article is for you.

Criminals are among the most advanced users of modern technology. They learned how to hide information in their smartphones and how to encrypt their laptops. They communicate via secure channels. Their passwords never leak, and they do their best to leave no traces. Forensic investigators encounter new challenges every other day. In this article, we will discuss yet another tool used by the criminals to cover their traces: the encrypted virtual machine.

Making tools for breaking passwords, I am frequently asked whether it’s legal, or how it works, or what one can do to protect their password from being cracked. There are people who have “nothing to hide”. There are those wearing tin foil hats, but there are a lot more people who can make a reasonable effort to secure their lives without going overboard. This article is for them.

When investigating iOS devices, you may have seen references to the SoC generation. Security researchers and developers of various iOS jailbreaks and exploits often list a few iPhone models followed by a note that mentions “compatible iPad models”. This is especially common when discussing iOS forensics, particularly referring to the checkra1n jailbreak. What do those references mean, and how are the iPhone and iPad models related? Can we count the iPod Touch and Apple TV, too? Let’s have a look.

The number of iOS 14 users is on the raise, and we will see it running on most Apple devices pretty soon. Apple had already stopped signing the last version of iOS 13 on all but legacy hardware. Soon, we will only see it running on the iPhone 5s and iPhone 6 which didn’t get the update, and on a small fraction of newer devices. If you are working in the forensic field, what do you need to do to make yourself ready for iOS 14? Our software may help.

Everyone’s iPhones contain overwhelming amounts of highly sensitive personal information. Even if some of that data is not stored on the device, the iPhone itself or the data inside can work as a key to other many things from bank accounts to private family life. While there are many possible vectors of attack, the attacker will always try exploiting the weakest link. Learn to think like one, find the weakest link and eliminate the potential vulnerabilities before they are exploited. This guide comes from the forensic guys making tools for the law enforcement, helping the good guys break into the bad guys’ iPhones.

Regular or disposable Apple IDs can now be used to extract data from compatible iOS devices if you have a Mac. The use of a non-developer Apple ID carries certain risks and restrictions. In particular, one must “verify” the extraction agent on the target iPhone, which requires an active Internet connection. Learn how to verify the extraction agent signed with a regular or disposable Apple ID without the risk of receiving an accidental remote lock or remote erase command.